Q

How IP spoofing and session hijacking work

How does IP spoofing work? I understand that an IP-spoofer must interrupt the connection between two hosts. What kind of program would he use to jump into the conversation before the other person noticed something was wrong? It's the timing that I can't figure out. Can this be done over the Internet, or must the spoofer have a packet sniffer and be on the same segment of cable?

You are apparently confusing IP spoofing with session hijacking.

IP spoofing is simply forging the IP addresses in an IP packet. This is used in many types of "attacks" including session hijacking. It is also often used to fake the e-mail headers of SPAM so they cannot be properly traced.

Session hijacking occurs at the TCP level. According to Internet Security Systems, "TCP session hijacking is when a hacker takes over a TCP session between two machines. Since most authentication only occurs at the start of a TCP session, this allows the hacker to gain access to a machine."

For more information on session hijacking and other TCP Exploits, please visit Internet Security Systems. The definition I quoted above came from that page, and there are references to other papers, including one that explains IP spoofing.

As for how and where it can be done, if your connections are vulnerable, it can be done over the Internet. The attacker does not need to be directly in your path, though that does simplify things.

More on this topic

 

This was first published in August 2002

Dig deeper on Application Attacks (Buffer Overflows, Cross-Site Scripting)

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close